Chapter 3 - bc.msu.ac.th/project_file/chapter3(215).pdf


Upload: phungkiet

Post on 02-Dec-2018


Chapter 3

3.1. Preliminary study. 3.1.1. Study of ClearOS Linux used together with CoovaChilli and FreeRADIUS for the network. 3.1.2. Information from websites: information about the capabilities of the software and the problems that arise was gathered from websites, together with what is needed for development; all of this information can then be used in designing and developing the system. 3.2. System setup

Today technology is used widely in organisations to support everyday work, and network access in particular makes that work more efficient. The same convenience, however, means that data sent over the network is not secure unless the activity of users is recorded, so log files of who used the system are needed. The software used to collect those logs and to protect the machines on the network is FreeRADIUS, which was developed to store user data and verify users' rights; it can keep a Log File for later inspection, as required by law, so that a desktop can be checked to see which user or which event was involved. 3.2.1. Features of the program. In general, FreeRADIUS is a program for managing accounts and checking user rights according to the IEEE 802.1X standard, namely AAA.


Accounting is the management of accounts in every respect: creating accounts, deleting and adding them, as well as adding the various attributes of each account.

Authentication checks the right of access, the first "A" mentioned above; at this step various messages are shown indicating whether the rights check passed or not, and once it has passed successfully the process moves on to the next step, which is Authorize.

Figure 3.1 Operating principle. 3.2.2. Installing the WinSCP program. WinSCP is an FTP client, i.e. a program that transfers files to the server. 3.2.2.1. The program can be downloaded from http://winscp.net. 3.2.2.2. Once downloaded, install the program. 3.2.2.3. After installation a WinSCP icon appears on the Desktop. 3.2.2.4. Click the WinSCP icon to start using it. 3.2.2.5. Enter the values needed to connect to the server.


Figure 3.2 Logging in with WinSCP

Host name is the network name that was set up, i.e. [email protected], with Port number 22; enter the account to use, User name: root and Password: 123456, then click Login.

Figure 3.3 Data shown in the WinSCP program

The left side is the User machine and the right side is the server machine used for the connection and file transfer.

(figure labels: User machine, server machine)


Figure 3.4 Dragging the files to root

Drag the required files from the user machine's window to the server machine; a confirmation appears, then click copy.

Figure 3.5 Upload complete


3.2.3. Installing the program files and Config values. 3.2.3.1. Steps to configure the file sql.conf in the FreeRADIUS program, which is used to connect to the database that was created.

Figure 3.6 Configuring sql. Explanation: 1. Enter the host name of the server as localhost so that it can connect to MySQL. 2. Set the login to root. 3. Set the password to 123456, as desired. 4. Set the name of the radius database. 3.2.4. Steps to configure the file coova.conf in the Coova program

Figure 3.7 Configuring coova

server = "localhost"
login = "root"
password = "123456"
radius_db = "radius"

HS_WANIF=eth0
HS_LANIF=eth1
HS_NETWORK=192.168.0.0
HS_NETMASK=255.255.255.0
HS_UAMLISTEN=192.168.0.1
HS_DNS1=192.168.0.1


Explanation: 1. The interface connected to the Internet, which here must be eth0. 2. The interface connected to the LAN on which Chilli hands out IP addresses. 3. HotSpot Network Netmask. 4. HotSpot Network Netmask. 5. The LAN IP address (eth1). 6. The first DNS server address handed out to the client PCs.

Figure 3.8 Configuring coova and the hotspot. Explanation: 1. Enter the hotspot name, nas01. 2. Set the hotspot password. 3. Address of the first RADIUS server used for authentication; if it is this server, use localhost. 4. Address of the second RADIUS server used for authentication. 5. The RADIUS shared secret. 6. IP addresses or URLs that are allowed through ChilliSpot without authentication.

HS_NASID=nas01
HS_UAMSECRET=ht2eb8ej6s4et3rg1ulp
HS_RADIUS=127.0.0.1
HS_RADIUS2=127.0.0.1
HS_RADSECRET=testing123
HS_UAMALLOW=192.168.0.0/24
HS_UAMSERVICE=http://\$HS_UAMSERVER/authen/hotspotlogin.php
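As an added check, not part of the project's files: a short Python linter that reads a CoovaChilli config in the KEY=VALUE form shown above and flags the values a reviewer would question (the documentation example RADIUS secret, a login page served over plain HTTP, short secrets, no real second RADIUS server). The sample config is transcribed from this page; the list of known example secrets and the 16-character threshold are assumptions.

```python
# Added example (not the project's own code): lint a CoovaChilli config.
# SAMPLE_CONFIG is transcribed from this page; thresholds are assumptions.
SAMPLE_CONFIG = """\
HS_WANIF=eth0
HS_LANIF=eth1
HS_NETWORK=192.168.0.0
HS_NETMASK=255.255.255.0
HS_UAMLISTEN=192.168.0.1
HS_DNS1=192.168.0.1
HS_NASID=nas01
HS_UAMSECRET=ht2eb8ej6s4et3rg1ulp
HS_RADIUS=127.0.0.1
HS_RADIUS2=127.0.0.1
HS_RADSECRET=testing123
HS_UAMALLOW=192.168.0.0/24
HS_UAMSERVICE=http://$HS_UAMSERVER/authen/hotspotlogin.php
"""

# Secrets that appear verbatim in FreeRADIUS/CoovaChilli documentation (assumed list)
KNOWN_EXAMPLE_SECRETS = {"testing123", "changeme", "secret"}
MIN_SECRET_LEN = 16  # assumed minimum length for a random shared secret

def parse_config(text):
    """Parse KEY=VALUE lines (comments and blanks skipped) into a dict."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip().strip('"')
    return cfg

def lint(cfg):
    """Return a list of findings; an empty list means nothing to report."""
    findings = []
    for key in ("HS_RADSECRET", "HS_UAMSECRET"):
        val = cfg.get(key, "")
        if val in KNOWN_EXAMPLE_SECRETS:
            findings.append(f"{key}: documentation example secret, change before deployment")
        elif len(val) < MIN_SECRET_LEN:
            findings.append(f"{key}: only {len(val)} characters, use a longer random secret")
    if cfg.get("HS_UAMSERVICE", "").startswith("http://"):
        findings.append("HS_UAMSERVICE: login page over plain HTTP, credentials cross the hotspot unencrypted")
    if cfg.get("HS_RADIUS") and cfg.get("HS_RADIUS") == cfg.get("HS_RADIUS2"):
        findings.append("HS_RADIUS2: same address as HS_RADIUS, no real failover")
    return findings

if __name__ == "__main__":
    for finding in lint(parse_config(SAMPLE_CONFIG)):
        print(finding)
```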


3.2.5. Steps to configure the firewall

Figure 3.9 Firewall configuration settings

Explanation: 1. Allow INPUT packets that carry the SYN flag. 2. Do not allow a new connection (SYN) to be opened directly to the squid port (it can still be reached through the REDIRECT). 3. Packets entering the nat table are handled in the PREROUTING chain: traffic arriving at the machine from interface tun0 with protocol tcp is filtered on the inbound/outbound side of tun0, and tcp traffic destined for 192.168.0.1/24 port 80 is returned from the current chain. 4. Forward packets arriving on port 80 to squid on port 3128, using the iptables command added to the file /etc/init.d/chilli.iptables. 5. Forward packets arriving on port 80 to FTP on port 2121, using the iptables command added to the file /etc/init.d/chilli.iptables.

iptables -A INPUT -i tun0 -p tcp -m tcp --dport 3128 --syn -j ACCEPT
iptables -t nat -A PREROUTING -i tun0 -p tcp -m tcp --dport 3128 --syn -j DROP
iptables -t nat -A PREROUTING -i tun0 -p tcp -m tcp -d 192.168.0.0/24 --dport 80 -j RETURN
iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 21 -j REDIRECT --to-port 2121
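Added example, not from the original project: a small Python model of the five rules above that applies the Linux traversal order nat/PREROUTING then filter/INPUT to the connection-opening SYN packet, so one can see why a direct connection to port 3128 is dropped while a redirected port-80 connection reaches squid. It models only the matches these rules use; a packet no rule matches falls to the chain policy (reported as POLICY), and the local address set is assumed from HS_UAMLISTEN.

```python
# Added example (not the project's own code): model the chilli.iptables rules
# for the first (SYN) packet of a connection, in the order nat/PREROUTING ->
# filter/INPUT. Only -i, -p, -d, --dport and --syn are modelled.
from ipaddress import ip_address, ip_network

LOCAL_ADDRS = {"192.168.0.1"}  # assumed: the HS_UAMLISTEN address of this box

# The rules transcribed from the page, in the order they are appended
NAT_PREROUTING = [
    dict(iface="tun0", proto="tcp", dport=3128, syn=True, target="DROP"),
    dict(iface="tun0", proto="tcp", dst="192.168.0.0/24", dport=80, target="RETURN"),
    dict(iface="tun0", proto="tcp", dport=80, target="REDIRECT", to_port=3128),
    dict(iface="tun0", proto="tcp", dport=21, target="REDIRECT", to_port=2121),
]
FILTER_INPUT = [
    dict(iface="tun0", proto="tcp", dport=3128, syn=True, target="ACCEPT"),
]

def matches(rule, pkt):
    """True when every match the rule specifies agrees with the packet."""
    if rule["iface"] != pkt["iface"] or rule["proto"] != pkt["proto"]:
        return False
    if rule["dport"] != pkt["dport"]:
        return False
    if rule.get("syn") and not pkt["syn"]:
        return False
    if "dst" in rule and ip_address(pkt["dst"]) not in ip_network(rule["dst"]):
        return False
    return True

def walk(chain, pkt):
    """First matching verdict; REDIRECT rewrites dport and ends the chain."""
    for rule in chain:
        if matches(rule, pkt):
            if rule["target"] == "REDIRECT":
                pkt["dport"] = rule["to_port"]
                return "REDIRECT"
            return rule["target"]
    return "POLICY"  # nothing matched: the chain's default policy decides

def deliver(iface, dst, dport, proto="tcp", syn=True):
    """Return (verdict, final dport) for the SYN packet of a new connection."""
    pkt = dict(iface=iface, dst=dst, dport=dport, proto=proto, syn=syn)
    verdict = walk(NAT_PREROUTING, pkt)
    if verdict == "DROP":
        return "DROP", pkt["dport"]
    if verdict != "REDIRECT" and dst not in LOCAL_ADDRS:
        return "FORWARD", pkt["dport"]  # not for this host: FORWARD chain, not modelled
    return walk(FILTER_INPUT, pkt), pkt["dport"]

if __name__ == "__main__":
    for args in [("tun0", "10.0.0.5", 3128), ("tun0", "10.0.0.5", 80), ("tun0", "192.168.0.1", 80)]:
        print(args, "->", deliver(*args))
```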


Figure 3.10 Firewall configuration settings

My_Local_Net=192.168.0.0/24
# enable IP forwarding so that the Linux box can forward IP packets
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/conf/default/rp_filter
echo "1" > /proc/sys/kernel/core_uses_pid
# load the required kernel modules
modprobe ip_nat_ftp
modprobe ip_tables
modprobe iptable_nat
modprobe ipt_conntrack
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_conntrack_irc
modprobe ip_nat_irc
modprobe ip_nat_snmp_basic
# packets passing through the FORWARD chain that leave via tun0
iptables -A FORWARD -o tun0 -j ACCEPT
# packets entering the FORWARD chain that arrive via tun0
iptables -A FORWARD -i tun0 -j ACCEPT
# MASQUERADE every packet whose source address is in the local net and which leaves via eth0
iptables -t nat -A POSTROUTING -s $My_Local_Net -o eth0 -j MASQUERADE


3.2.6. Steps to configure the database: set the database values used to access it.

Figure 3.11 Config database. Explanation: 1. Set the database hostname, localhost. 2. Set the database username, root. 3. Set the database password, 123456. 4. Set the database name, radius. 5. Create the link to the mysql database. 6. Connect to the database server. 7. Select the database. 8. Have data in the database returned as (SET NAMES 'utf8').

# configuration for database
1. $_config['database']['hostname'] = "localhost";
2. $_config['database']['username'] = "root";
3. $_config['database']['password'] = "123456";
4. $_config['database']['database'] = "radius";
# connect the database server
5. $link = new mysqldb();
6. $link->connect($_config['database']);
7. $link->selectdb($_config['database']['database']);
8. $link->query("SET NAMES 'utf8'");
@session_start();


3.2.7. Updating the software inside Linux via putty, using YUM as the updater

Figure 3.12 Updating linux

Figure 3.13 Installation steps


Figure 3.14 Installing yum

Figure 3.15 Installation complete


3.2.8. Installing packages via putty, using rpm to manage the database

Figure 3.16 Installing packages via putty

3.2.9. Installing the squid package

Figure 3.17 Installing the squid package

service squid stop
cd squid
cp -Rf key.txt /etc/squid/
cp -Rf download.txt /etc/squid/
chmod 777 /etc/squid/key.txt
chmod 777 /etc/squid/download.txt
mv /etc/squid/squid.conf /etc/squid/squid.conf.old1
cp -Rf squid.conf /etc/squid/
squid -z
service squid start


3.2.10. Installing the freeradius package

Figure 3.18 Installing the freeradius package

cd freeradius
rpm -ivh *.rpm
mv /etc/raddb/sql.conf /etc/raddb/sql.conf.old1
cp -Rf sql.conf /etc/raddb/
mv /etc/raddb/radiusd.conf /etc/raddb/radiusd.conf.old1
cp -Rf radiusd.conf /etc/raddb/
mv /etc/raddb/clients.conf /etc/raddb/clients.conf.old1
cp -Rf clients.conf /etc/raddb/
mv /etc/raddb/sql/mysql/dialup.conf /etc/raddb/sql/mysql/dialup.conf.old1
cp -Rf dialup.conf /etc/raddb/sql/mysql/
rm -Rf /etc/raddb/sites-available/default
cp -Rf default /etc/raddb/sites-available/
rm -Rf /etc/raddb/sql/mysql/counter.conf
cp -Rf counter.conf /etc/raddb/sql/mysql/
cd ..


3.2.11. Installing the coova package

Figure 3.19 Installing the coova package

cd coova
rpm -ivh *.rpm
mv /etc/chilli.conf /etc/chilli.conf.old1
cp -Rf chilli.conf /etc/
cp -Rf config /etc/chilli/
rm -Rf /etc/init.d/chilli
cp -Rf chilli /etc/init.d/
chmod 777 /etc/init.d/chilli
rm -Rf /etc/rc.d/rc.firewall.local
cp -Rf rc.firewall.local /etc/rc.d/
chmod 755 /etc/rc.d/rc.firewall.local
cp -Rf directory.conf /etc/httpd/conf.d/
chmod 777 /etc/httpd/conf.d/directory.conf
cp -Rf clearradutmp.sh /etc/


3.2.12. Testing the software after installation. Once installation is complete, test the software by opening the URL http://192.168.0.1 and logging in to use msu internet.

Figure 3.20 Login page

Figure 3.21 Popup page